Gabrielli and cybersecurity: "Italy must run, now go to the Agency"

• Tokyo 2020. The FBI launches the cyber-attacks alarm

• US-China: Biden accuses the Chinese government of collaboration in cyber attacks

• Cybersecurity, Dragons signature update list subjects included

• Lamorgese, cybersecurity alert: "In 2020, computer crimes increased by 33 percent"

Share

02 August 2021 "We have to run". Franco Gabrielli, Undersecretary to the Prime Minister (Delegated Authority for the Security of the Republic) is convinced of this, who in an interview with

, a few days after Parliament's final

establishment of

( Acn), recalls that "two countries such as Germany and France have been endowed with a National Cybernetic Resilience Authority for a long time. Germany in 1991, France in 2009. We arrive out of breath for this 2021, with, says Minister Colao,

and the prospect of 1 trillion active digital devices on the planet by 2030. We are already immersed in artificial intelligence and the digital dimension of things. That's why I say we have to run. And the birth of the Agency is the beginning of this race ".

To those who ask him the reasons for this delay, Gabrielli replies as follows: "We got bogged down in a ten-year debate that imagined cybersecurity inserted within the perimeter of our Intelligence. Which, in some respects, was also understandable. The reasoning. , for a long time, it was to imagine that the context of intelligence agencies would allow the capacity and development times of a "civil" agency for cybersecurity to be faster. A bit like it happens with start-ups. Many perhaps will remember, during the Renzi government, the idea of ​​the "Tsar for cybersecurity." And they all certainly remember the idea of ​​Count of a Foundation hinged within the perimeter of the Department for Information and Security,which is the leading and coordinating body of our operational intelligence agencies ".

"That choice - continues Gabrielli - has meant that, for years, while Europe was asking us for a certain, defined and unitary interlocutor on cybersecurity issues, we had 23 competent subjects who spoke on that matter. And that while countries like France and Germany were equipped with agencies with no less than 1,000 employees, we did not go beyond 50 valid operators at Dis and the promised hiring of 70 IT engineers at Mise, who never arrived ".

Hence the need for a change of pace. "We have made a clear choice that sees what we have called" cybernetic resilience "- and therefore the structures, the professionalism, the training necessary to

that allows it to reach hardware and software production levels that make us competitive in the international scenario - headed by a public entity, the National Cybersecurity Agency. Which will move under the guidance of the Presidency of the Council, which will dialogue with all public administrations and private entities destined to equip themselves with cybernetic security tools. At the same time, we instead left the investigations on cyber crimes to the Police forces, to the Defense that of the attacks on our military infrastructures and to Intelligence, Dis, Aise and Aisi, that of information collection. If I had to say it in a word,

we have: police, defense, intelligence. A "mixed" model based on four pillars ".

" In the world of so-called "safety" - and I speak with full knowledge of the facts having spent part of my professional life in Civil Protection -

. Let's take the Cyber ​​threat now. It is evident that the parameters of danger and exposure, precisely for what I said before, not only cannot be reduced in the future, but will grow exponentially, regardless of the initiatives that any country or private entity may take. Therefore, there is only one parameter on which we can act: that of vulnerability. Here, the National Cybersecurity Agency will have to ensure that our public administrations, our companies, our strategic infrastructures, let's even say our "Country System" reduces its degree of vulnerability ".

A step that "will not be easy", Gabrielli acknowledges in the interview, "because it is cultural. Because it means introducing a culture of" safety "within a historically security model. It means

What I mean is that too often we have become convinced that the aspects of safety, risk prevention or threat, could be managed with the tools of security: police forces, army, intelligence. I say it in a simple way: we do not secure our territory, we underestimate climate change and the implications it entails in terms of a new security organization, but we invoke the army when we are submerged by floods. In short, we are used to thinking that ours is a country to be reassured, while it must be put in a position to feel safe. This is why I think this reform is also important beyond the Cyber ​​matter it governs. "

Finally, the

chapter

. "The Pnrr foresees 50 million for the Agency and 620 for resilience. And, empty for full, a staff of 300 professionals who, in the five-year period, will rise to 1,000, to be recruited on the market at market prices. We cannot think of attracting the best of professionalism and intelligence if we are not able to pay them as the market pays them. This is why a position has been devised that will see the agency's employees paid with the parameters of the Bank of Italy. do things not only right, but seriously, "he concludes.